WordPress.org

Ready to get started?Download WordPress

Forums

Front End Post Form For Custom Post Type (9 posts)

  1. alanchrishughes
    Member
    Posted 2 years ago #

    After a lot of messing with a classifieds theme I've figured out a way to create a front end page for people to submit content, but I'd like it to $_POST to a custom post type instead of the default post. Is there a simple way to do this?

    <?php
    if ($_POST){
    $error = false;
    
    if(cP("title") == "") {
    $error = true;
    $error_text .= __('* Please enter an event title.', "wpct")."<br />";
    }		  
    
    if(!isEmail(cP("FlyerEmail"))) {
    $error = true;
    $error_text .= __('* Please enter a valid email address', "wpct")."<br />";
    }
    
    if(cPR("description") == "") {
    $error = true;
    $error_text .= __('* Please enter a description.', "wpct")."<br />";
    }
    
    if(cPR("Location") == "") {
    $error = true;
    $error_text .= __('* Please enter a location.', "wpct")."<br />";
    }
    
    if(cPR("FlyerFirstName") == "") {
    $error = true;
    $error_text .= __('* Please enter your first name.', "wpct")."<br />";
    }		  
    
    if(cPR("FlyerLastName") == "") {
    $error = true;
    $error_text .= __('* Please enter your last name.', "wpct")."<br />";
    }		  
    
    //image check
    if (get_option('EventFlyer_max_img_num','4')>0){
    $image_check=true;
    $image_upload=false;//nothing to upload
    $types=split(",",get_option('EventFlyer_img_types','jpeg'));//creating array with the allowed types
    for ($i=1;$i<=get_option('EventFlyer_max_img_num','4')&&$image_check;$i++){
    $file_size = $_FILES["pic$i"]['size'];
    $file_type = $_FILES["pic$i"]['type'];
    if ($file_size > get_option('EventFlyer_max_img_size','1000000')) {//control the size
    
    $image_check=false;//is to big then false
    $error = true;
    $error_text .=__('* Sorry, your flyer is too large (One mb max)<br />');
    }
    
    elseif ($file_type!=""){//the size is right checking type
    $image_check=false;//not allowed
    foreach ($types as $ac_type){//to find allowed types
    if (strpos($file_type, $ac_type)) $image_check=true;//allowed one
    }
    }
    
    if (!$image_check) {
    $error = true;
    $error_text .=__('* Sorry, you can only upload flyers in the jpeg format')." ".get_option('')."<br />";
    }
    
    if (file_exists($_FILES["pic$i"]['tmp_name'])) $image_upload=true;//there's someting to upload
    }
    }
    
    if (!$error){
    if (is_numeric(cP("price"))) $price=cP("price");
    
    else unset($price);
    // post information
    $data = array
    
    (
    'post_title' => cP("title"),
    'post_content' => cPR("description"),
    'post_status' => "draft",
    'post_category'	=> array(cP("category")),
    'tags_input'	=> cP("tags")
    );
    
    // insert post
    $published_id = wp_insert_post($data);
    
    // add custom fields
    if (cP(Location)!="") add_post_meta($published_id, 'Location', cP("Location"), true);
    if (cP(FlyerFirstName)!="") add_post_meta($published_id, 'FlyerFirstName', cP("FlyerFirstName"), true);
    if (cP(FlyerLastName)!="") add_post_meta($published_id, 'FlyerLastName', cP("FlyerLastName"), true);
    if (cP(FlyerEmail)!="") add_post_meta($published_id, 'FlyerEmail', cP("FlyerEmail"), true);
    if (cP(phone)!="") add_post_meta($published_id, 'phone', cP("phone"), true);
    
    // images upload
    if (get_option('EventFlyer_max_img_num','4')>0&&$image_upload){
    $upload_array = wp_upload_dir();
    $img_upload_dir = trailingslashit($upload_array['basedir']).get_option('EventFlyer_img_upload_dir','Event Flyer')."/".date("Y")."/".date("m")."/".date("d");
    if (!file_exists($img_upload_dir)) mkdir($img_upload_dir, 0777, true);
    for ($i=1;$i<=get_option('EventFlyer_max_img_num','4');$i++){
    $img_upload_file = trailingslashit($img_upload_dir).$published_id."-".$i.strrchr($_FILES["pic$i"]['name'],'.');
    if (move_uploaded_file($_FILES["pic$i"]['tmp_name'],$img_upload_file)){
    $post_images .= get_option('EventFlyer_img_upload_dir','EventFlyer')."/".date("Y")."/".date("m")."/".date("d")."/".$published_id."-".$i.strrchr($_FILES["pic$i"]['name'],'.').",";
    }
    }
    add_post_meta($published_id, 'EventFlyer', $post_images, true);
    }
    
    		  	  //EMAIL notify
    		  	  if (get_option('permalink_structure') != '' ) {
    		  	  	  $linkConfirm=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=confirm";
    		  	  	  $linkEliminate=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=delete";
    		  	  	  $linkEdit=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=edit";
    		  	  }
    		  	  else {
    		  	  	  $linkConfirm=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=confirm";
    		  	  	  $linkEliminate=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=delete";
    		  	  	  $linkEdit=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=edit";
    		  	  }
    
    		  	  $body= get_option('wpClassifieds_mail_confirm');
    		  	  $body= str_replace(array("{SITE_NAME}", "{TITLE_OF_AD}", "{CONFIRM_LINK}", "{EDIT_LINK}", "{ELIMINATE_LINK}"), array(get_bloginfo('name'), cP("title"), $linkConfirm, $linkEdit, $linkEliminate), $body);
    
                  $subject="[".get_bloginfo('name')."] ".__('Ad Confirmation', "wpct");
    		  	  $headers = 'From: no-reply '.get_bloginfo('name').' <'.get_the_author_meta('email',1).'>' . "\r\n\\";
    		  	  wp_mail(cP(email),$subject,$body,$headers);
    
    		  	  $error_text = __('Thank you! Check your email inbox to confirm your ad', "wpct");
    		  	  $submitted_ad = true;
    
    }
    
    }
    
    ?>
    
      	  <?php if (!$submitted_ad) : ?>
    
          <?php if (get_option("wpClassifieds_post_message") != "") : ?>
          <div class="intro">
            <?php echo get_option('wpClassifieds_post_message'); ?>
          </div>
          <?php endif; ?>
      	  <?php if ($error_text) { echo "<div class=\"error-msg\">$error_text</div>"; }?>
      	  <form action="" method="post" enctype="multipart/form-data">
    
    <div class="field">
    <div class="fieldLabel">
    Show Title:
    </div>
    <input id="title" name="title" type="text" value="<?php echo cP("title");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Show Location:
    </div>
    <input id="Location" name="Location" type="text" value="<?php echo cP("Location");?>" class="PublishField"/>
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your First Name:<span class="fieldLabelSmall">(will not be published)</span>
    </div>
    <input id="FlyerFirstName" name="FlyerFirstName" type="text" value="<?php echo cP("FlyerFirstName");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your Last Name:<span class="fieldLabelSmall">(will not be published)</span>
    </div>
    <input id="FlyerLastName" name="FlyerLastName" type="text" value="<?php echo cP("FlyerLastName");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your Email: <span class="fieldLabelSmall">(will not be published)</span>
    </div>
    
    <input id="FlyerEmail" name="FlyerEmail" type="text" value="<?php echo cP("FlyerEmail");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Show Description:
    </div>
    <textarea id="description" name="description" class="PublishFieldDescription">
    <?php echo cPR("description");?>
    </textarea>
    </div>
    
    <?php if (get_option('EventFlyer_max_img_num','1')>0) : ?>
    
    <?php for ($i=1;$i<=get_option('EventFlyer_max_img_num','1');$i++) : ?>
    
    <div class="pictures">
    Upload Flyer
    <input type="file" name="pic<?php echo $i?>" id="pic<?php echo $i?>" value="<?php echo $_POST["pic".$i];?>" />
    </div>
    
    <?php endfor; ?>
    <?php endif; ?>
    
    <div class="submitContainer">
    <input name="Submit" value="SUBMIT FOR APPROVAL" type="submit" class="submit" />
    </div>
    
    </form>
    
    <?php endif; ?>
    <?php if ($error_text and $submitted_ad) :  ?>
    
    <div class="error-msg"><?php echo $error_text; ?></div>
    
    <?php endif; ?>
  2. NateJacobs
    Member
    Posted 2 years ago #

    In your wp_insert_post array add this 'post_type' =>'custom_post_type'

    I would also make sure you add wp_nonce_field() to your form.

  3. alanchrishughes
    Member
    Posted 2 years ago #

    Thank you. I'm not very knowledgeable in php though, could you be more specific? I'm not seeing wp_insert_post any where in the code above.

  4. NateJacobs
    Member
    Posted 2 years ago #

    I created a PasteBin for you with your code so we can refer to line numbers.
    http://pastebin.com/nYdbz6rg

    On line 71 you have an array with the variable $data. Add the 'post_type' => 'name_of_your_custom_post_type'. The wp_insert_post is on line 82.

    I would also take some time to read up on how to securely add content from the front end to avoid problems involving XSS and CSRF. The wp_nonce_field() will help. This video from WCSF with Mark Jaquith, Jon Cave, and Brad Williams provides a good look at security in WordPress.

    Please, in the future, limit your code in a topic to 10 lines or less as the forum help suggests.

  5. alanchrishughes
    Member
    Posted 2 years ago #

    Thank you good sir. Like I said though I don't know much of anything about php, so after about 10 minutes of that video I realized I haven't understood anything they said besides the obvious point that hackers will getcha if you code stuff wrong.

    I don't know what a nonce is but I remembered seeing them in the code from the tutorial on adding the back-end pages' meta boxes and from looking at that I guessed it into the front end boxes like this

    <div class="field">
    <div class="fieldLabel">
    Show Title:
    </div>
    <?php echo '<input type="hidden" name="title_input_hidden" id="title_input_hidden" value="'.wp_create_nonce('title-nonce').'" />'; ?>
    <input id="title" name="title" type="text" value="<?php echo cP("title");?>" class="PublishField" />
    </div>

    Is that correct?

  6. NateJacobs
    Member
    Posted 2 years ago #

    Sorry the video was a bit confusing. Have you read the Codex regarding nonces yet? It has some good concrete code examples. Here is a small sample form.

    http://pastebin.com/6nTY9GSS

  7. alanchrishughes
    Member
    Posted 2 years ago #

    So basically I just need to add

    <?php wp_nonce_field( 'my_nonce_action', 'my_favorite_nonce' ); ?>

    before the closing </form>

    And then copy and past the rest of what you have after the closing </form> ?

    Can the my_nonce_action and my_favorite_none be whatever I want as long as they match the names in the php after the form?

  8. alanchrishughes
    Member
    Posted 2 years ago #

    Thanks again for your help, you have already answered my original question about the custom fields.

  9. alanchrishughes
    Member
    Posted 2 years ago #

    Am I explaining that right?

    What could happen if I am unable to use nonces?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.